Explaining how to manually deploy the CA IM Password Sync Agent (64bit) on Windows OS.

book

Article ID: 36613

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Introduction: 

Explaining how to manually deploy the CA IM Password Sync Agent (64bit) on Windows OS.

Background:  

The CA IM Password Sync Agent uses Installshield but sometimes the installer will fail with error code 1603. In some cases this can be resolved by following the instructions in TEC512991 which tells you to remove the C:\Program Files (x86)\Common Files\InstallShield folder and try installing again but this does not always solve the problem.

If the above does not solve the problem it may be that the problem is related to the IDriver.exe and an updated Installshield package would be needed as the current installer is built with an older version of Installshield. Engineering is aware of this problem but an updated installer has not yet been made available. In such a case the only solution for now would be to manually deploy the CA IM Password Sync Agent without using the Installshield installer.

Environment:  

Windows

Instructions: 

The PSYNC Agent bit version must match the OS bit version (i.e. 64bit or 32bit). The below is based on 64bit PSYNC Agent.

1) Copy the C:\Program Files\CA\eTrust Admin Password Sync Agent folder and contents from your working machine over to your non-working machine.

2) Edit the System Environment Variables to update the PATH to include C:\Program Files\CA\eTrust Admin Password Sync Agent\bin;

3) Edit the System Environment Variables to add LDAPRC=C:\Program Files\CA\eTrust Admin Password Sync Agent\CALDAP\data\ldap.conf

4) Edit the Registry to add C:\Program Files\CA\eTrust Admin Password Sync Agent\\Bin\eta_pwdsync.dll to the Notification Packages under the HKLM\SYSTEM\CurrentControlSet\Control\Lsa key

5) Create a .reg file with the following contents and import it into the registry:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates]

[HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust Admin]

"PwdNamespc"=""

"PwdPath"="C:\\Program Files\\CA\\eTrust Admin Password Sync Agent\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust Admin\Components]

[HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust Admin\Components\Agents]

"eTrust_PWD"="yes"

"eTrust_PWD_MajorVersion"=dword:00000008

"eTrust_PWD_MinorVersion"=dword:00000001

"eTrust_PWD_PatchVersion"=dword:00000002

 

6) Run the C:\Program Files\CA\eTrust Admin Password Sync Agent\Bin\PwdSyncConfig.exe to configure the PSYNC agent (if this is just another DC in the same domain as the working PSYNC you already have installed then you would not need to do this step since the eta_pwdsync.conf you copied would be valid already)

7) Restart the domain controller

 

Additional Information:

If you encounter this problem with 32 bit version of PSYNC Agent and/or if you do not have a working installation to copy the PSYNC Agent files from then you will need to contact CA Support for further assistance.

Environment

Release:
Component: IDMGR